CVE-2021-47060: Vulnerability in the Linux kernel (KVM)
In the Linux kernel, the following vulnerability has been resolved:

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed

Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't instantiate a new bus, unregister_dev() destroys all devices _except_ the target device. But, it doesn't tell the caller that it obliterated the bus and invoked the destructor for all devices that were on the bus. In the coalesced MMIO case, this can result in a deleted list entry dereference due to attempting to continue iterating on coalesced_zones after future entries (in the walk) have been deleted.

Opportunistically add curly braces to the for-loop, which encompasses many lines but sneaks by without braces due to the guts being a single if statement.
AI Analysis
Technical Summary
CVE-2021-47060 is a bug in the KVM (Kernel-based Virtual Machine) subsystem of the Linux kernel, in the code that tears down coalesced MMIO (memory-mapped I/O) zones. A coalesced MMIO zone is registered as a device on KVM's I/O bus and is also kept on the VM's coalesced_zones list. When the VMM asks for a zone to be unregistered, KVM walks that list and, for every zone overlapping the requested range, calls kvm_io_bus_unregister_dev() to remove the device from the bus and then runs the device's destructor, which unlinks the zone from the list and frees it.

kvm_io_bus_unregister_dev() works by allocating a new instance of the bus without the target device. If that allocation fails, it instead destroys the old bus and invokes the destructor of every device on it except the target, and, before the fix, it did not report this to the caller. The caller's list walk had already cached the next entry, so after destroying the target it stepped onto a zone that the failed unregister had just unlinked and freed: a dereference of a deleted list entry, i.e. a use-after-free in the host kernel, which crashes the host or at best leaves it unstable.

The fix makes kvm_io_bus_unregister_dev() report the allocation failure and has the coalesced MMIO caller abort the walk when it does; once the bus has been destroyed there are no zones left to visit, so stopping is correct rather than a leak. The same patch adds braces to the multi-line for loop whose body was a single if statement, which is a readability change, not a functional one.

Reachability matters for triage. The vulnerable path only runs when a kernel memory allocation fails during zone unregistration, so it is hit under memory pressure or another allocation-failure condition rather than by an ordinary request, and the request itself is the unregister ioctl issued by the process that owns the VM (the VMM, such as QEMU), which must hold the VM file descriptor; a guest cannot reach the path directly. The CVSS v3.1 score is 6.0 (medium): attack vector local, low attack complexity, high privileges required, no user interaction, unchanged scope, high confidentiality impact, no integrity impact, and high availability impact. The defect the commit describes is a crash on a freed list entry, so the availability component is the one the description supports; the confidentiality rating should be read as the scorer's assessment rather than a demonstrated leak. No exploits in the wild are known. The CVE record expresses affected versions as ranges of kernel commits; the fix landed in mainline Linux 5.13 and was backported to the stable series, so distribution kernels should be checked against the vendor's advisory rather than the upstream version number alone.
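The failure sequence described above, as an added user-space model rather than kernel code or anything from the patch: it re-implements just enough of list_head, the bus device table, kvm_io_bus_unregister_dev() (here bus_unregister_dev()) and the zone-unregister walk to run both the unpatched and the patched walk against three constructed zones while injecting the allocation failure. The model's stand-in for kfree() only marks a zone as freed and the walk checks that flag, so the deleted-entry dereference is counted instead of crashing the process. The names zone_dev, vm_state, simulate() and freed_touches, and the 0x1000/0x2000/0x3000 zone addresses, are this example's own assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal intrusive list modelled on the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };
#define list_entry(ptr, type, member) ((type *)((char *)(ptr) - offsetof(type, member)))
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{ n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n; }
static void list_del(struct list_head *e)   /* the kernel poisons the pointers here */
{ e->prev->next = e->next; e->next->prev = e->prev; e->next = e->prev = NULL; }

/* One coalesced zone: a device on the I/O bus and an entry on coalesced_zones. */
struct zone_dev {
    unsigned long addr, size;
    struct list_head list;
    bool freed;                 /* set by zone_destructor() instead of kfree() (model only) */
};

struct vm_state {
    struct zone_dev *bus[8];    /* device table of the I/O bus */
    int dev_count;
    struct list_head coalesced_zones;
    bool inject_enomem;         /* make the new-bus allocation fail */
    int freed_touches;          /* walk steps that landed on a destroyed zone */
};

static void zone_destructor(struct zone_dev *dev)
{
    list_del(&dev->list);
    dev->freed = true;
}

/* Stands in for kvm_io_bus_unregister_dev(): drop the target from the bus, or, if the
 * replacement bus cannot be allocated, destroy every device EXCEPT the target and
 * (as the fixed kernel does) tell the caller with -ENOMEM. */
static int bus_unregister_dev(struct vm_state *vm, struct zone_dev *target)
{
    int kept = 0;
    if (vm->inject_enomem) {
        for (int i = 0; i < vm->dev_count; i++)
            if (vm->bus[i] != target)
                zone_destructor(vm->bus[i]);
        vm->dev_count = 0;
        return -ENOMEM;
    }
    for (int i = 0; i < vm->dev_count; i++)
        if (vm->bus[i] != target)
            vm->bus[kept++] = vm->bus[i];
    vm->dev_count = kept;
    return 0;
}

/* The zone-unregister walk; 'fixed' selects the patched behaviour. */
static void unregister_zone(struct vm_state *vm, unsigned long addr, unsigned long size, bool fixed)
{
    struct list_head *head = &vm->coalesced_zones, *pos, *tmp;
    /* list_for_each_entry_safe(): 'tmp' caches the next entry before the body runs. */
    for (pos = head->next, tmp = pos->next; pos != head; pos = tmp, tmp = pos->next) {
        struct zone_dev *dev = list_entry(pos, struct zone_dev, list);
        if (dev->freed) {       /* a real kernel dereferences freed memory here */
            vm->freed_touches++;
            return;
        }
        if (addr >= dev->addr + dev->size || addr + size <= dev->addr)
            continue;           /* zone does not overlap the requested range */
        int r = bus_unregister_dev(vm, dev);
        zone_destructor(dev);   /* the caller destroys the target itself */
        if (fixed && r)
            break;              /* the fix: the bus is gone, nothing is left to walk */
    }
}

/* Three constructed zones, then unregister the first; returns freed-entry touches. */
static int simulate(bool fixed, bool inject_enomem)
{
    struct zone_dev devs[3] = {{0}};
    struct vm_state vm = { .inject_enomem = inject_enomem };
    list_init(&vm.coalesced_zones);
    for (int i = 0; i < 3; i++) {
        devs[i].addr = 0x1000UL * (i + 1);
        devs[i].size = 0x100;
        list_add_tail(&devs[i].list, &vm.coalesced_zones);
        vm.bus[vm.dev_count++] = &devs[i];
    }
    unregister_zone(&vm, 0x1000, 0x100, fixed);
    return vm.freed_touches;
}

int main(void)
{
    printf("unpatched, allocation fails: %d\n", simulate(false, true));   /* 1 */
    printf("patched,   allocation fails: %d\n", simulate(true, true));    /* 0 */
    printf("unpatched, allocation ok:    %d\n", simulate(false, false));  /* 0 */
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run; the three lines print 1, 0 and 0. The point the model makes visible is that the safe-iteration macro is only safe against the body deleting the current entry: it caches the next entry before the body runs, so a callee that deletes other entries invalidates the cache. Breaking out on the error is sufficient, not merely convenient, because after a failed unregister the only device that was not destroyed is the target, which the caller then destroys itself.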
Potential Impact
For European organizations, the exposure is confined to Linux hosts with KVM virtualization enabled, which covers most data-centre, cloud and enterprise virtualization estates built on Linux. The dereference happens in the host kernel, so a successful trigger does not merely crash one guest: it can panic or destabilize the host and take down every VM running on it, and that host-wide loss of availability is the impact that matters. The vector's high confidentiality rating is not explained by the commit description, which describes a crash on a freed list entry rather than a data leak; treat data exposure as unproven rather than as a demonstrated outcome. Triggering the bug requires local access to a VM file descriptor, which normally only the VMM process (such as QEMU) holds, plus a failed kernel allocation during zone unregistration; a guest cannot reach the path itself. The realistic actor is therefore an attacker who has already compromised a VMM process or a privileged account on the host, or an insider with that access. No exploits are known in the wild, which lowers immediate risk without removing the need to patch: hosts that run many tenants' workloads, and organizations with availability obligations (including the GDPR requirement to ensure the resilience of processing systems), should schedule the kernel update for their next maintenance window rather than treat it as optional.
Mitigation Recommendations
1. Apply the kernel update that carries the fix (mainline Linux 5.13 and the stable backports); your distribution's advisory names the patched package version. Confirm with uname -r that the running kernel, not just the installed package, is the patched one, since the fix only takes effect after a reboot or a live patch.
2. Keep host kernels on a regular update cadence, especially where KVM is in use, so that fixes in failure paths like this one arrive with routine maintenance rather than emergency changes.
3. Restrict access to /dev/kvm and to VM file descriptors to the VMM service account, and do not run the VMM as root; the trigger is an ioctl on the VM descriptor, so whoever can reach that descriptor can reach the path.
4. Monitor host kernel logs for oopses and panics with KVM frames in the backtrace and for repeated page-allocation failures, which are the conditions under which this path is reached; a host that crashes during VM teardown under memory pressure is the signature to look for.
5. Keep host hardening in place (KASLR, SELinux or AppArmor confinement of the VMM as libvirt's sVirt does), with the understanding that these do not prevent a crash on a freed list entry; their value here is to limit what a compromised VMM process can do on the host beyond triggering it.
6. In multi-tenant environments, spread tenants across hosts and isolate VMs so that a host panic affects as few tenants as possible, and limit inter-VM communication to contain any wider kernel-level fault.
7. Include kernel versions and virtualization components (kernel, QEMU, libvirt) in routine vulnerability scanning so unpatched hosts are found before they are relied on.
8. Make sure host administrators know to apply kernel updates promptly and to escalate unexplained host crashes, since an instability pattern can be the only sign that a kernel fault is being hit.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-29T22:33:44.294Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbde025
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 4:55:05 AM
Last updated: 8/8/2025, 12:41:40 AM